Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Google Safe Browsing (High Level)

Google Safe Browsing (High Level)

What is it? How does Firefox use it? How can you use it as a web developer?

luke crouch

January 15, 2018

More Decks by luke crouch

Other Decks in Technology


  1. It’s a free service operated by Google • It hosts

    lists of urls • malware • other unwanted software • phishing / social engineering • It’s used by Android, Gmail, Ads, Search, Chrome, Firefox, Safari, Opera
  2. Checking “live” adds too much latency to page loads •

    Firefox gets new bad urls from Google every 30m • Before displaying a page to a user, check local db
  3. The whole list is too big to download • each

    URL is canonicalized • then hashed • only the first 32 bits are kept
  4. False positives • Many urls could have the same 32-bit

    hash prefix • Get all the full hashes with the 32-bit prefix from the server • If page doesn’t match a full hash, it’s not on the list
  5. Download protection • Download the file • Check the main

    url, referrer and redirect chain against local blocklist; block if match • (Windows) if signed, check signature against allow-list of good publishers • If file is not binary, allow • If binary, send metadata to application reputation server
  6. Privacy • Browsers don't send all visited urls to Google

    • Safe Browsing data is never used anywhere else at Google • Firefox removes query string params from download check • Firefox stores Safe Browsing cookies in separate storage • Firefox adds a number of extra “noise” 32-bit hashes when requesting complete hashes